Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Technical_Servi
Contributor
Jump to solution

S2S VPN Problem after Hotfix R80.20 Take_103 on GW

Hi All

 

After installing Take_103 on a GW we are running in strange behaviors with S2S VPNs with 3. party vendors (WatchGuard).

The tunnels are up. Traffic goes through (HTTP,RDP .....). But AD authentication doesn't work.

We can see packets from the clients through the tunnel to the AD controller:

12:49:01.212147 IP xxx.xxx.xxx.41.62985 > 10.xxx.xxx.11.389: UDP, length 214
12:49:01.212669 IP 10.xxx.xxx.11.389 > xxx.xxx.xxx.41.62985: UDP, length 195

But the don't reach the other site?! No log entries on both sites!

Any ideas?

Thanx in advance
Marc

0 Kudos
4 Replies
Technical_Servi
Contributor

@;23175706;[cpu_0];[SIM-206874016];prepare_cut_through: route ifn change requires F2F (curr_ifn=2, out_ifn=6, ci_flags=0x8080), conn: <10.xxx.xxx.11,389,xxx.xxx.xxx..41,55889,17>;

@;23175706;[cpu_0];[SIM-206874016];sim_pkt_send_drop_notification: (0,0) received drop, reason: general reason, conn: <xxx.xxx.xxx..41,55889,10.xxx.xxx.11,389,17>;

@;23175706;[cpu_0];[SIM-206874016];sim_pkt_send_drop_notification: no track is needed for this drop - not sending a notificaion, conn: <xxx.xxx.xxx.41,55889,10.xxx.xxx.11,389,17>;

@;23175709;[cpu_0];[SIM-206874016];do_packet_finish: SIMPKT_IN_DROP vsid=0, conn:<10.xxx.xxx.11,389,xxx.xxx.xxx..41,55889,17>;

@;23175709;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=17 10.xxx.xxx.11:389 -> xxx.xxx.xxx..41:55889 dropped by vpn_route_change_sxl_notification_handler Reason: dynamic VPN routing is not supported;

 

 

Nothing except the HFA has been changed?!

Marc

0 Kudos
PhoneBoy
Admin
Admin
Best to engage with the TAC, but the error message "Reason: dynamic VPN routing is not supported" might be a clue.
0 Kudos
Technical_Servi
Contributor

We just had a remote session with TAC.

The problem is already known and devlopment is searching for a solution.

We have currently a workaround. We have disabled vpn accelaration.

So far, it works!

Keep u up to date!

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events